Password security issues

[fulopm]

Hey!

There are some flaws in the default key derivation system of UFront:

• PBKDF2 is uses a very low iteration count (500). A minimum iteration count of 1000 is recommended, but it should be selected as large as possible. [http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-132.pdf#page=10&zoom=auto,-100,376](NIST recommendations for PBKDF)
• The password salt is generated from a pseudo-random source. [https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet#Use_a_cryptographically_strong_credential-specific_salt](OWASP recommendations on password storing)

I know that it's really hard to generate cryptographically secure random numbers in Haxe, but it can be solved on Linux systems by reading the /dev/urandom device.

Thanks!